: Firefox 31 not loading SSL site Firefox 31 was released yesterday, and it seems like it has a problem with SSL: Secure Connection Failed An error occurred during a connection to api.joeyco.com.
Firefox 31 was released yesterday, and it seems like it has a problem with SSL:
Secure Connection Failed
An error occurred during a connection to api.joeyco.com. SSL peer selected a
cipher suite disallowed for the selected protocol version.
(Error code: ssl_error_cipher_disallowed_for_version)
The page you are trying to view cannot be shown because the authenticity of
the received data could not be verified.
What I tried to resolve the problem: Update to "OpenSSL 1.0.1h 5 Jun 2014", Reinstall nginx,
Reinstall PHP, Regenerate certificates.
I even went through this page. What am I missing here? How can I find out for certain if nginx is actually using the correct OpenSSL?
More posts by @Hamaas447
2 Comments
Sorted by latest first Latest Oldest Best
It is not recommended to mess with that global security setting, but add trusted hosts instead if you really need to.
See this link for information about 'Renegotiation' (CVE-2009-3555):
wiki.mozilla.org/Security:Renegotiation https://wiki.mozilla.org/Security:Renegotiation#security.ssl.renego_unrestricted_hosts
You can look at the security.ssl.renego_unrestricted_hosts pref on the about:config page and add the sites that you want to allow to the string value.
Separate multiple host names by a comma.
Actually your website has a problem of using insecure SSL ciphers.
You should configure the ciphers in your web server like this:
ssl_prefer_server_ciphers On;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
Credit for the configration goes to hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ .
You should also consider removing SSLv3 from ssl_protocols, since it is not that safe either. IE6 users running Windows XP won't be able to connect to your site if you have SSLv3 disabled.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.